General
Target: Veno.exe
Size: 5.2MB
Sample: 241224-k7eldatlfy
MD5: 1fd54055c3703fba5e110b0e68fd434b
SHA1: 26845bbcd373bb281891699f49541454598edfcf
SHA256: c74979f0e2b603d690941c512cf4aa6824aea56aa6de9c333d2be13f4dde65f6
SHA512: 50f5688c5a97de64f8f78cd767a18e52fe830ec1321744535f3dc84d2f6a7a68af247171a5d7e0b6b8528c098aaaae09cde1b70a896838a82ef580064e81722b
SSDEEP: 98304:Aqw6Y+PiWjIOMLRqWqZD0ofvE7TY5kGdRUy4bz6cCMHps/KHNNiVakHoxdy:Aqw65PhVM83nEaLRU9z3CeaK0V4xI
Static task: static1
Behavioral task: behavioral1
  Sample: Veno.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Veno.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: discordrat
discord_token: MTMxNzcyMDg5MTkzMjY3NjEyNw.GR4BZy.jjTYOTYEIjYBpgSrr1GXK-BhAoku0-amSnOglA
server_id: 1317719739920810024
Targets
Target: Veno.exe (5.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Discordrat family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger